The overall information dynamics, threat landscape and potential vulnerabilities are rapidly changing in today's age, where people are exposed to various systems on the internet like social media. Personal information is easily accessible, and that makes people and organizations susceptible and vulnerable to being compromised.

The manufacturing industry as such has not really evolved in this area. OT and IT are not integrated at most places. I like being a CISO, especially in the manufacturing industry, as there are various areas which need to be protected and that makes the job extremely challenging.

2) An 'Aha' leadership moment in your professional career.

As I said, the manufacturing industry as such has not really evolved in the field of information security. However, it is very much aligned to various standards and compliance like Quality, Environment, Safety, Manufacturing Excellence etc. and uses ISO standards extensively. Hence we took the channel of ISO 27001 for spreading awareness about information security and then implementing the same to ensure tight controls, including the perimeter security. Today we are certified on ISO 27001 (ISMS) for 9 major plants and information security is no longer an ignored subject. I believe that's an Aha moment in my professional career as a CISO.

3) As a CISO what was the toughest decision you made?

Mandating ISO 27001 across the organization, disablement of USB ports for storage but getting approval for the use of devices like data cards for staff that travels to remote plant locations were some of the tough decisions. This involved some disagreement with top management initially; however, it was implemented after they were logically convinced.

4) What's the 'next big thing' in your industry vertical?

SCADA / DCS / PLC and OT security in the wake of the digitization and IoT enablement of field and shop floor level equipment will be the next big thing in manufacturing. This will eventually lead to a formal security organization structure across the company with centralized budget requirements.

5) One thing that IT departments should do better.

The IT department has to ensure that proper processes like SDLC, ITIL etc. are followed and requirements are gathered perfectly. If this is not done, Application Security controls, especially for financial applications to be audited, become less effective. Addition of a certain functionality to the application after defining the Application Security controls is a very dangerous thing to do.

6) Where do you see the CISO role heading in the future?

The CISO role is definitely here to stay as long as information is deemed to be critical for compromising. However, in the wake of the digitization trends and the known as well as unknown vulnerabilities that arise out of this trend, the applicability of the CISO role has changed. The CISO role now extends to the cyber world also. Moreover, with malware and ransomware attacks becoming rampant, a CISO now has to gear up with various proactive defence techniques to save the organization from such attacks.

7) One thing that CISOs should learn from business?

It is extremely critical for a CISO to understand business and identify those areas which can cause maximum damage if compromised. This helps him to bring the right solutions on the table and ensure complete security of the business and customer.

8) The last book on your bedside and what you learnt from it.

The last book I read was Asura: The Tale of the Vanquished. This mythological fiction depicts the tale of Ramayana from the viewpoint of Ravana and a common Asura, Bhadra.